Created 09-12-2024 05:45 AM
When we try to enable the user as Admin we get the following message: Modifying user role only allowed when local authentication is enabled.
BR
Michele
Created 09-12-2024 10:34 AM
@MID_ACN Welcome to the Cloudera Community!
To help you get the best possible solution, I have tagged our CDSW experts @Gopinath @Mike who may be able to assist you further.
Please keep us updated on your post, and we hope you find a satisfactory solution to your query.
Regards,
Diana Torres
Created 09-12-2024 04:54 PM
Hi, yes, that is the expected error message. You have to add that user into whatever CDSW Admin group you are using and then sync the users. When you log in, if CDSW is configured to use SAML or LDAP, it will pull the user information that way and determine if that user should have admin privileges.
Created 09-16-2024 07:19 AM
@MID_ACN Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.
Regards,
Diana Torres
Created 09-17-2024 02:42 AM
Hi,
Thanks for the help. We modified the configuration, but now we have a problem with authentication.
Is it possible to modify the LDAP parameters from the CLI, or can you suggest the path to find the LDAP configuration files, please?
Created 09-18-2024 11:52 AM
Hi, the LDAP parameters are stored inside the postgres database that backs CDSW. It's best not to change these database entries manually. You can use the "debug login" URL here to fix the LDAP configuration: https://docs.cloudera.com/cdsw/1.10.5/external-authentication/topics/cdsw-debug-login-url.html
The "debug login URL" will bypass LDAP and let you log in directly to CDSW as the first user that was created, typically an account named "admin" or something like that.
If you do NOT know the admin user login information, you can reset that in the database with a procedure like:
1) SSH to the CDSW master host
2) Access the db:
kubectl exec -it $(kubectl get pods -l role=db -o jsonpath='{.items[*].metadata.name}') -- psql -P pager=off -U sense
3) Set the "password1" password for an existing user, for example 'admin':
sense=# UPDATE users SET password='$2a$12$soyqZyDasDpsU/vDx3Y0Euq23OMLxqxDffAIjighiH.oVdV64VVvC' WHERE username='CDSW_Admin';
Make sure to update the username to whatever user you want to log in as. Before LDAP is set up, users are managed locally by the database, which is why this procedure works. The password is just a bcrypt'd version of "password1", but you can change this after you log in.
Once you log in, you'll be able to go to the Admin page and update the LDAP configurations.
Created 10-16-2024 06:33 AM
FYI you can use this site to set the password to something else: https://www.browserling.com/tools/bcrypt
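After access has been recovered with the procedure in this thread, a check like the following can confirm that no account is still left on the hash posted above, whose plaintext is public. This is an added example, not part of the original posts: the `username|hash` input layout (what `psql -At` prints for `SELECT username, password FROM users`), the treatment of an empty password as an externally authenticated account, and the minimum cost of 12 are assumptions.

```python
import re

# Hash posted in the thread above; its plaintext ("password1") is public.
PUBLISHED_HASH = "$2a$12$soyqZyDasDpsU/vDx3Y0Euq23OMLxqxDffAIjighiH.oVdV64VVvC"

# bcrypt string layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

def parse_bcrypt(value):
    """Return (variant, cost, salt, digest) or raise ValueError."""
    m = BCRYPT_RE.fullmatch(value)
    if not m:
        raise ValueError("not a well-formed bcrypt string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # range accepted by bcrypt
        raise ValueError("bcrypt cost out of range")
    return m.group(1), cost, m.group(3), m.group(4)

def audit_lines(lines, min_cost=12):
    """Audit 'username|hash' lines (assumed export format); return findings."""
    findings = []
    for line in lines:
        username, _, pw = line.rstrip("\n").rpartition("|")
        if pw == PUBLISHED_HASH:
            findings.append((username, "still set to the published recovery hash"))
        elif pw:  # empty: assumed to be an externally authenticated account
            try:
                cost = parse_bcrypt(pw)[1]
            except ValueError as exc:
                findings.append((username, str(exc)))
            else:
                if cost < min_cost:
                    findings.append((username, f"bcrypt cost {cost} is below {min_cost}"))
    return findings

# Constructed sample rows; the A/B/C/D strings are placeholders, not real hashes.
SAMPLE = [
    "CDSW_Admin|" + PUBLISHED_HASH,
    "alice|$2a$10$" + "A" * 22 + "B" * 31,
    "bob|$2b$12$" + "C" * 22 + "D" * 31,
    "carol|",
    "dave|password1",
]

if __name__ == "__main__":
    for user, finding in audit_lines(SAMPLE):
        print(f"{user}: {finding}")
```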
Created 09-23-2024 04:27 PM
@MID_ACN Has the reply helped resolve your issue?
Regards,
Diana Torres,